package org.seven.jrdp.commons.shiro.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.seven.jrdp.commons.util.TokenUtils;

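/**
 * Shiro access-control filter that admits a request only when its {@code token}
 * request parameter is accepted by {@link TokenUtils#parseToken(String)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The token is read with {@code getParameter}, so it may arrive in the URL
 * query string. Query strings are commonly written to access logs, proxy logs,
 * browser history and {@code Referer} headers; treat those locations as holding
 * credentials, or move the token to a request header.</li>
 * <li>All validation (signature, expiry, audience) is delegated to
 * {@code TokenUtils.parseToken}; this class only checks the result for
 * {@code null}. NOTE(review): confirm that {@code parseToken} returns
 * {@code null} for invalid or expired tokens. If it throws instead, the
 * exception propagates out of this filter and is not turned into a 401 here.</li>
 * <li>The value returned by {@code parseToken} is not bound to the request or to
 * a Shiro subject, so code behind this filter cannot learn the caller's
 * identity from it.</li>
 * </ul>
 */
public class TokenFilter extends AccessControlFilter {
	/**
	 * Always reports the request as not yet allowed, so that every request is
	 * routed through {@link #onAccessDenied(ServletRequest, ServletResponse)},
	 * where the token check happens. The arguments are not inspected.
	 *
	 * @return {@code false} unconditionally
	 */
	@Override
	public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
		return false;
	}

	/**
	 * Validates the {@code token} request parameter and decides whether the
	 * filter chain may continue.
	 *
	 * @param request  incoming request carrying the {@code token} parameter
	 * @param response response used to send 401 when the token is rejected
	 * @return {@code true} to continue the chain when the token is accepted;
	 *         {@code false} after sending {@code 401 Unauthorized} otherwise
	 * @throws Exception if sending the error response fails or if
	 *                   {@code TokenUtils.parseToken} throws
	 */
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		String token = request.getParameter("token");
		// Fail closed on a missing or blank token without handing null/empty input
		// to the parser: an unauthenticated request should yield 401, not whatever
		// the parser does with null.
		if (token == null || token.trim().isEmpty()) {
			WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
			return false;
		}
		// Presumably the token's subject claim; only its presence is used here.
		String sub = TokenUtils.parseToken(token);
		if (sub == null) {
			WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
			return false;
		}
		return true;
	}
}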